#cyber-and-careers
just been working in C#, Android mostly. Why do you stay in ethical hacking if I may ask?
Greater challenge
Does it seem more profitable? Or more in it for the passion?
It varies
I got 1 hour till I take off for my interview.
What questions should I be prepared for when interviewing for a cybersec analyst position?
And what can I say that could "Wow!" them?
I asked chatgpt the typical day of a cybersec analyst and went from there to get a better grip of the game
How you work in a group.
Hobbies, interests that might relate to the role.
Talk about looking to get Microsoft Certs focused towards SOC
Hey man, sorry for the lack of follow-up there.
I did the research and found out that job listings are asking for certs way less than I imagined, but the ones that did were asking for different stuff, so while the picture is clearer, it has many different colors
You should probably have thought about this a few days ago.
Just lean a bit forward, be confident. Talk about something that you know. Do not lie and wing things. When asked questions, draw parallels or refer to things in real life that you know and can be confident about
Cert is in most cases a wish or a good to have.
It says 0 about your skills
Just have a genuine interest and some knowledge about the topic ahead. They will teach you everything you need to know
Yeah, that's one of the points I concluded on after my research. In fact, university/college degrees are still way more demanded than certs
That's not to say all or almost all job offerings were asking for it, ofc
I would dox the company as much as I can.
Big company = lots of vhosts (subs). I would look at Shodan and find services that contain the company's name in their subs.
Figure out what they run and get some small knowledge about what it is and mention I look forward to learning about it etc
But that is me and I am broken. I dox everyone and everything
Osint is fun 🙂
Not a bad way to go about it. A very red team method as well
When I was asked about salary I already knew everyone's salary in the meeting. 😄
It's interesting. Always feels good to think you know more about others than they know about you, better yet it being actually true
Based
I did this actually lol
As long as one does not lie
Idk if I should bring it up
Already did
I just got a kid fired from his job and the next one he applied too. He was interviewing in my team.
I recognised his name. Thought about it for two weeks. Asked courts for his papers and got them during the interview. Lucky for him he was remote and not face to face
He would have tripped down the stairs
Court?
I'm not gonna lie lol.
It's just, mainly my cybersec experience is offensive not defense
He was convicted of sexual exposure of minors.
Oof
Gross
Those papers are public knowledge here
US?
He was currently hired at one of the biggest security firms in the world, got let go.
Got hired at an even bigger firm, I got him fired within 5 days 🙂
Wow
Chasing preds
Quite the story lol
Damn
And if he is dumb enough to post his new job (if he ever gets one) on LinkedIn, I am back at it
Interviews come and go, Just be positive and show a will to learn. They do not expect you to know everything.
Just have a vast idea of what a cyber security analyst is.
I work as a SOC, I use multiple log sources, we work a lot in Microsoft Entra and Defender etc.
It is not rocket science
I can teach anyone to do it
I know analysts overview the SIEM, security logs, phishing/malware triage, and escalation
If they use XSIAM or Cortex etc. I will teach you after work 😄
Bet
Phishing with PDFs with QR codes is super huge right now
They bypass all checks in Defender
Then just be confident, it will be great
That's it in a nutshell.
I've done some triaging, packet capture and analysis, escalation, malware analysis, case follow-up, and very superficial SIEM and IDS messing around
Also playbooks and firewall configs
Playbooks are great
I'd like to be able to do more with the SOC sim but it's just for businesses
I wish I could review Splunk or OpenVAS, wasn't the latter free at one point? I remember messing with it back in late 2021
I would ask how they were affected by the Salesforce breach, Oracle cloud before the summer, etc
Those were quite big breaches
They got hacked in 2023, I remember that. The superintendent quit cause of it
SharePoint recently also.
Depends on the company 😄
(you see that I like babbling, so I can do the interview with myself)
Just trying to help
I hope you get a second interview
It should be one from what I know
Best of luck
Hopefully
I've been there
Manager & Team
Grandpa interviews last
I just talked about my homelab for 30 min and my 3d printers and hacking in general
That's the thing, I have to not get anxiety stupid and mix my ethical hacking with my greyhat exp days
By ethical I mean THM lol
I just don't want to get in trouble or denied cause of it. Some employers will mark you for it
Kids today just want to pentest and have no clue what it was growing up with dial-up modems
I remember when WiFi routers were wap or had no security configuration
Pretty much
Used to steal my neighbor's internet lol
Let us know how it went after
Downloaded GTA San Andreas on the 360 lol
For sure!
Ace it
One thing that I did feel kind of insecure about, was that a lot of job offerings asked for uni/college degrees, and I don't have one
Don't post links to files for download please.
Okay
Needa see at least 4
I think I did good but not perfect
And they probably wanted perfect
But, we'll see idk
They seemed impressed. They gave me 13x questions
4x people
What I felt kept marking me was the questions related to security defense experience.
Which I don't have so I had to substitute with other similar examples I have done
I mean, I have done basic stuff like virus removal and analysis of accounts for compromise
Also, I totally forgot to mention my Medium articles x.x
That could have been the deal breaker
Only if they saw my LinkedIn which I doubt.
They do know about my two certs!
TryHackMe Contrabando Room Write-Up CTF: (CVE-2023-25690/SSRF/SSTI Scenario)
https://systemweakness.com/tryhackme-contrabando-room-write-up-ctf-cve-2023-25690-ssrf-ssti-scenario-44743b3baa8a
This the latest I made
My offensive hacking skills would NOT have impressed them. Trust me, I was really in a corner
I still think I did good
Especially for a greenhorn
Cyber defense wise
Great posts but Ima make fun of you in the future 😄
What I do? 0.o
Is it the article? Did I say something or point something wrong?
Nono nothing like that
Guys, can someone tell me how I can buy a subscription to TryHackMe because it's throwing various errors. What is the solution? Anyone can guide
@viscid vigil What are the errors
you select what kind of sub you want, enter your info and add your card
Can you suggest me which language, I will start first for cybersecurity. I have zero knowledge on programming.
i have selected premium one
declined transaction exceeded limit
A number of recent transactions on this card have been declined. Please wait before you try again, or use a different payment method.
Reverse Engineering
Python /Js
freecodecamp can start you off with very easy html/css a lot of rooms here have small html examples in them. then move on to python. i'll never, ever suggest javascript on anyone 🤣
Why would you ask for a solution to this via THM?
Try use your own card
Sounds like carding
ah my adhd level of attention couldnt do that for some reason, maybe its the fact that im knowing im not executing on the actual thing. that worked on for you?
Contact support. I wouldn't trust discord as an option for anything related to payments for a 3rd party.
Is anyone here a professional cybersecurity expert, or anyone who can help who is working in any organization from India?
I need a small help: is there any opening? Can you please refer me?
I would be very grateful if anyone would help me.
His merchant is refusing the transfer due to reasons, nothing THM can do
@north bridge Old enough to have a proper job?
TCS did not work out for you?
na actually graduated in 2024 and that time i didn't fill form and now whenever i filling the form there is no response
from tcs
Phone them
i am 3 month intern in red teaming like currently working but it is unpaid internship
Tell them you are ready for work
you can always run it on your machine and paste it back into freecodecamp. no harm in it and yes i used freecodecamp for the html and css portion. i think their python is archived still so i use coursera and udemy for python
unpaid job = never ever accept
paid?
i accept it because atleast i will get exp
So you want a foot in cybersecurity. What big global firms have you thought about contacting?
TCS is a shtty place, but a job is a job. And it is easier to get a new job if you are employed already.
yup. because i also took a bunch of coursera's cyber security courses
plus udemy was free for a month or something
Let me see what I can find. Just wrapping up late lunch
ah my uni paid for that one
ya but dsa is not my forte, also neither web dev
i'm in the states. they don't care about education here lol
and… ur not abusing the tempmails? :(
I have some contacts at TCS via work
whats a tempmail
just join one of those remote unis if u really like that :b
But they pay crap and I would never work there
Ahh i see .. please do something if possible
i'll look into it
“A temporary email address is generated for you instantly and self-destructs after a short period, automatically deleting all received messages. This allows you to sign up for services, receive verification links, and avoid spam without needing to set up a password or log in, keeping your main inbox clean and protecting your privacy. “
thats why i am not interested, i want to go into cybersecurity
but the courses for like python come from universities here too
you need to start somewhere
i cant promise that you’ll get a good one tho
Cant expect to get a dream job 1st time
also focusing on security startup
Why would a start up need a jr
ya bro i can understand
JRs need seniors to teach them
because they pay less..
i joined the cybersecurity course on coursera and the only new things i learned were names and fancy terms
codingwise youtube is better
hmm correct
I would prepare my CV, make sure you get rid of the Indian English, because that is hard to work with tbh.
probably true but i was trying to build up some certs to acknowledge that i'm learning something
Accent is not the issue, its the flow. You know what I am talking about
what certs u working on
It is a never-ending row of words
ya i can understand
right now rust
but i took a few from pearson, the people who do the a+ cert and such. the comptia ones
the indians got good flow bro. like i should prolly start making an ai that can turn any accent to like ur desired accent to go past the accent that some people find distracting
woooo those are functional
how u cover the fees
coursera plus is monthly, if you learn faster than expected you can get these low level certs in under a month
Indian English often mirrors the flow of Indian languages: long, continuous sentences with few pauses or punctuation. Words run together in a stream, making it sound fast and unbroken. While grammatically correct, it can feel dense or hard to follow for non-Indians.
I encounter this multiple times per day
so what accent u can actually follow
Goa, Delhi, Bangalore etc. all have the same structure
anyway the indian code youtube never worked for me
It is not the accent, it's the way they talk. It is not Western English
they r good for science technical stuff that u cant figure out
wait what u tryna do again
@warm hinge Where are you from?
some asian country im not proud of but not being protested
Are you trying to discuss Indian English based on what you have seen/heard on YouTube?
no i just reply to whatever i think i have an idea of what ur trying to look for
I am just trying to help the guys get a job.
chill guys ..
right i just scrolled up
And if they learn to structure their English, it will be easier to land a job outside India or working as a consultant towards companies outside India
@north bridge It is all good, the dude made my day
i mean to say not to argue on this .. 
Arguing based off YouTubers
they already are, its just there are too many of them
Oh
who that dude 🫢
You think there are too many Indians?
i mean existing, that it overshadows the successful ones
fuck i cant send image
google said so
wdu think is pt1 certification is better or htb certification ?
I would not say any of them
ic
What do you want to do?
vapt
So that can be two different paths
VA can be done as a SOC Analyst of any kind.
Easier to start with and then merge in to the Pentest part
And doing vulnerability analysis can also be validating/triaging
There you have the pentest part
ahh you mean vdp or bug bounty
It is one thing that Pentera, or any system alerts. "CVE XXX"
But then you need to prove it
got it bro thx
and also please see that if you have any connection with security organization if there is any opening .

Because there is a lot of work that it's much more cost effective to pay junior and associate roles. $65/hr is a lot to pay to watch monitoring consoles all day.
question (decision-related):
I’m about to enter my third year of whatever computer related degree it is but I have an offer for at least one year contract to make AI at certain company. I know it seems like a bad idea to the traditional system, but is it that bad if i took a pause in my study then come back to study after i finish my one year contract? It’s something I enjoy doing and I thought it would be nice to take a pause from constantly learning way too many things and do what I want
If it’s possible to continue the studies after that year then this opportunity sounds pretty cool
Maybe there are some other options, like continuing the degree part time?
It is possible, I’m glad u think so
ive discussed this with the company but it requires me to be there physically full time 9-5 mon-fri
And for the degree? Would it be possible to do those studies during weekends/evenings?
my course nah. its a computer engineering and computer system degree. i have to exist physically to poke things with wire
and the lecturers gotta pick kids up and dont wanna bother them over the weekends
Bump.
Is a degree actually required to make it in cyber security and am I cooked if I can't get a degree
nah im not getting it for a career. I just took it because someone signed me up for uni and i just went. Anyway most people in cyber security i know doesnt take degree
Oh fr ? Felt like it’s impossible without a degree and Id just be stacking certs that don’t hold as much weight
No, degree is not required, but it might help
I mean the one ive commonly encountered were the ones that goes to bootcamps, and some just grind hard on solo code and make projects, some never mention certs but posts project on githubs then apply for job. come to think of it, ive never met anyone working comp sci stuff having a degree
Oh Yh I did a bootcamp for cyber security practices lvl 3 but it’s only hold uk value and not that much value in general….it was a free bootcamp to do so I did it …low-key waste of time all theory and basics
wait bootcamp like the online one or the one that pays you like an intern?
Online lol it was for 8 weeks
the one i mention is the one like an intern. they pay during your bootcamp and after finish u just kinda work in big places
Ohh yh similar to an apprenticeship
Type thing
Thing is I can’t even afford certs rn …Ik embarrassing
yeah i wish i got chances for one of that… :,) I discovered my computer leniency way too later in my life
u no work?
Check dm
arent u supposed to ask it here… but u kinda nice so ima not complain :)
anyone got to do the Penetration tester path from scratch with the app and found a job?
Yes that’s what I’m trying to do the market is cooked down England lol even for helpdesk lol
Trynna find them is not easy
Thanks for the advice can we connect ? Seen as u from here to
sure
Hi everyone! 👋
I'm currently working as an IT Desktop Support Engineer at a software company on the infrastructure team, lots of compliance. SOC, ISO & PCI DSS to name a few. Because of this my day-to-day can look like lots of checklists and change requests.
When my work does get technical it looks like the below:
||Mostly L1, occasionally L2 support tickets, patch management using PDQ, managing Windows Terminal Server environments, remediation of vulnerabilities found by Nessus, Active Directory user accounts, DNS/DHCP, and some PowerShell scripting (often AI-assisted or adapted from articles).||
I'm actively learning Python and working through a back end web development course via boot.dev, and I’m really enjoying the scripting / programming side of things. I’d like to strengthen my Python skills further and brush up on networking fundamentals — I’d say I’m “okay” at networking but not deeply confident yet, I've done some complex networking with pfSense, managed switch and basic SDN with proxmox for home lab.
I’m a little lost as to where to go from here and want to start exploring career paths and certifications and would love advice on the best route forward.
I've been interested in Cyber security / ethical hacking and pen testing for a while but I've also been liking staring at a screen of code trying to problem solve that. So web development does sound like a possibility too.
As far as certifications and career goes:
- Should I pursue Cisco CCNA before going for OSCP or other security-focused certs?
- Is it better to aim for a SOC Analyst role first (after CCNA and become proficient in Python), perhaps while I study OSCP?
- Are there other certs or learning paths you’d recommend based on my current experience and interests?
I’m also here to connect and learn from others, so if you’ve made a similar transition or have insights, I’d really appreciate hearing your story!
Thanks in advance 🙏
Good morning, I am currently an IT System analyst for a large company how do I transition to cyber? I will probably have to go to another company
How's the job market going with everyone so far ?
Anyone know legit companies that will pay someone to learn certs from scratch?
Zero prior exp
.
Why would they do that?
Cause its the same practice as an internship
Internships are usually given to people on relevant degree programmes, or who otherwise already have some prior attestation to their ability.
They also don't cost the company much (if anything, company dependent), unlike certs which can cost thousands.
You're asking for-profit organisations to invest in you. What do they get in return?
There's a lot of mixed info in my research still. That this career is very under staffed, mixed also that there seems to be a high amount of people also not able to find work in their field.
So I'm trying to find where that line is
Certifications are paid for by a company for either compliance reasons, or because that employee is a "good" investment.
It's extremely common for a company to pay for a cert, and the employee leaves shortly thereafter for greener fields. Loyalty goes two ways, if the company can fire you for any reason, you can leave for any reason.
Remember that an "entry level pentester" (for example), traditionally would still have a lot of experience (think, years) in another IT role.
When they say there are lots of roles, that's generally who they're looking for to fill them.
That's also not really the case now -- a lot of companies have had big redundancy sweeps in the last year or two, so there are lots of folk with prior experience looking for jobs.
Okay, thank you both
And as for ,,, is it worth it then given I would be starting from scratch, and then competing against thousands who have lots more experience, certs and degrees?
I say this as a person with disabilities, so, up and finding another career comes with a lot of barriers.
So if I can make it work, train myself, is there a general agreement in people getting paid work?
.
So far I have Redditors that have said yes, but then a glaring amount of people point out that it sounded very saturated, with talented and experienced people.
You could look into apprenticeships if you are UK based
Canadian, sadly
Canada has jobs!
do you have local OWASP/security clubs you can participate in
Hi guys, I am looking to move my career from sales into cyber security - are there learn-on-the-job roles? Or better to study while I currently work in sales until I get X qualification?
Tbh this is the first I'm hearing this wording
Valid points, I appreciate it
I actually was just asking the same , you should only need to scroll up just immediately above yours
Hi guys, I am recently working on a SOC 2 compliance report, anyone able to help?
Hey y'all, in the midst of a career change from banking advisor/sales to cyber security. Here is my Profile/Summary and skills. I'm not sure if the tools I listed are under the right headings so any advice would be appreciated.
@undone shore Hello. 👋🏼
I think you'll have the answer to my question. Are you available?
Your resume should represent what you did in your professional life. Reading this makes it seem like you're already in Cyber, which from my understanding you're not. Misrepresenting yourself is a very good way to get blacklisted at organizations you're applying to. Your resume should be representative of your professional experience. For you that means documenting what you did as a banking advisor.
resumes are also supposed to be shorter than a complete CV
Yes, but people often use the terms interchangeably now
Hello there, do you know anyone in here I could contact about CTI and Red Teaming?
You spend quite some time in this channel so maybe you do know someone.
I might switch to a new role soon and I have a few questions.
I do not. To be more specific, with you being in France I think you're not going to get the advice you need here, as it seems France doesn't really follow the rest of the western world (ie needing a masters to get into cyber in France). My advice would be to look for local cyber groups, makerspaces, or hackerspaces (like C-Base in Berlin) for networking opportunities and more local advice.
exactly
study while working your sales jobs, get some certs and then look for Jobs in Cybersecurity
true and if you don’t have experience don’t list the profile section @coral token
For me i have 1 year of Work experience in Cybersecurity but i still don’t list a profile section
cause until 2 years you are a fresher
and a fresher hasn’t actually reeled in any actual results
true, a Resume should highlight work experience, whereas a CV should highlight your Education
Tbh to get into Red teaming, it depends on your work experience, and if you are a fresher then you will need to participate in Hackathons Hosted by Big companies where you can show your skills and get hired.. one of the guys i mentored, did that and got hired by KPMG as a Redteamer
Cheers mate
I see a lot of courses offering different certs - what ones are a must have? To start with anyway
can you name some courses
so i know exactly what you are referring to
cause some courses are illegitimate
and for recommendations it depends on which path you want to go, Blue Team (Defending against Hackers) , Red Team (Hacking), GRC (Looking at Regulations and Legal works)
Sure,
Google Cybersecurity Professional Certificate
Cybersecurity MSc
Coursera have a ton, easier to add a screenshot but not able, but link is: https://www.coursera.org/courses?query=cybersecurity (not advertising in case it gets flagged)
Along side websites like TryHackMe, HTB and Boot.dev
I like the idea of pen testing, but red or blue not really looked into the benefits / pros and cons of each
aaah those courses don’t matter
and don’t bring any value to your resume
but it does give you some knowledge
as a beginner
try doing the Google Cybersecurity
and also Certified in Cybersecurity by ISC2
gives you basic knowledge
from then on Learn in tryhackme Roadmaps
what adds value to your resume is Certifications and Licenses
Every Role has different Certifications
Ideal, thats perfect just so i know where to start and once i have these 2 certs could i look at entry level cyber security roles?
So you can ask me for specifics when you decide what you want to do in the field
Perfect thanks mate
should we move to dms?
Yeah bro
Any Red Team Operator in here?
Hi guys — long story short: I graduated with a background in networking, spent a year unemployed and didn’t keep learning, which set me back a bit. I’m now in an internship with a task to pentest a small network and write a report. I’m a bit overwhelmed; I’ve been Googling a lot and looking for tips and advice.
(For context: this small company has a little cybersecurity knowledge.)
Hm?
Have you ever encountered a workplace, company or maybe connections with people in companies where Red Team threat intel was a dedicated position?
Or is it a very uncommon thing?
Nah, it's fairly common
And would that person also happen to be an operator or just the intel part?
Dedicated red teams -- or bigger ones at any rate -- often split their job functions up.
People on R&D, people on ops, people on intel, etc, etc
Would depend on the company whether there are overlaps
Ok that's all I needed to know, thanks!
ChatGPT should be your favorite friend. Lol
I tried but not really helpful since it restricted a lot of stuff
no no...
a CV is complete history of all your life experiences that you have learned from
work and education is the minimum version of a CV
Ooo
In English, a curriculum vitae (Latin for 'course of life', often shortened to CV) is a short written summary of a person's career, qualifications, and education. This is the most common usage in British English. In North America, the term résumé (also spelled resume) is used, referring to a short career summary.
The term curriculu...
sources if you wanted those
anyone done that CCT cert from ec-council yet?
So I’ve completed THM’s SOC level 1 path. Any suggestions on what should I do next ? Get the a cloud cert ?
Ask your seniors for direction on the task. A pentest is not something I would put on an intern without oversight. None of us here are employed by your organization, and the organization would likely be upset if you received outside assistance as it broadens their risk profile.
Look at the THM rooms for networking ( I assume you did)
What is the IPs, ports, services. How are they using their account setup?
Is it AD? What access does the user you are testing with? Can you leverage access etc etc
You got this
yo, i m 16 year old, i started hacking 5 years ago (i first used to use termux and all) slowly i learned and now i am doing cyber security from craw.in institute (offline) and i am also doing try hack me and current rank is LEGEND, i have read books such as The hacker playbook 2,3, Practical guide to reverse engineering, the hackers shellcode and i have been doing scripting in python for 2 years and coding in c for 1 year, my course from craw.in is about to end so i am wondering what should i do next, i want to be vulnerability researcher, ------ Need advice from you all, please help
Wow, good for you! Get in there 🙂
From?
Get a job!
With that amount of knowledge you could get a good job quite easily
But it might start with a SOC analyst role
and move on to vuln analytics
i'll get a job at 18, i m thinking of learning more things and giving exams for certs..
https://www.orange.com/en/your-career-at-orange
Sounds like a great fit for you
or https://pentera.io/careers/ also a nice company with good employee policies
Is the ejPT cert worth it ?
hello
Bro you just made me question what did i do in last 4 years. I am turning 22, just started and having trouble wrapping my head around networking.
well basically it's a small company, like 7 ppl total, and there is no one who knows much about cyber so am kinda on my own, so i guess having some assistance in order to learn more would be okay (i assume)
thx man ill try my best
Guys where can i learn HTTP from a cybersecurity expert?
Thank you
lol sorry bro, some networking parts are pretty hard
Any advice ?
Buy the Cisco CCNA Certification book
Check out the CCNA 200-301 class on udemy
Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. Cisco Press has the only study guides approved by Cisco for the new CCNA ce...
depends on what you're struggling with... Every topic need different things so it always depends on context and things its hard to give advice in general
at least for me that's the case
Someone just starting. Like there are so many terms and protocols. But if i could get a diagram that shows everything in one place. It will help me visualize it
Hey has anybody here in the US had any luck with finding entry-level cyber jobs recently? I haven't seen many openings and haven't gotten interviews from anyone I've applied to, and I am straight out of college. I just got my Sec+ and just today got my SAL1.
It’s tough right now
Not just in usa either, in canada its bad too. big advice i was told was to keep an eye out for jobs that aren't explicitly labeled for cyber but effectively are using cyber skills. for instance an it analyst job that i found for a disability organization that i recently applied for;
so best bet is that i shouldn't even be applying for cyber jobs? should i just focus on applying for networking and IT technician roles then?
i wanted a help desk role but those haven't been getting back to me either which sucks because people i know got one, but i guess i'm not good enough...
paradoxically yes. Jimmy is correct, its tough right now;
there's about to be a backlash from managers learning the hard way what happens when the only security people they have are people they have had on payroll for a very long time though;
and from them not thinking through the implications of trying to get ai to do a job that literally is only possible by humans because the whole point is that humans are the source of the vulnerabilities;
so an llm no matter how well trained is not going to be able to identify the correlations as of yet that indicate someone is trying to bypass security because it can't learn about attacks that haven't happened yet;
i've heard a bit about the ai but i thought that was mostly swe. thanks for the advice, i was going to study real hard and take the cysa+ but i guess ill push that off and focus on the ccna and aws saa certs i've been looking into
it's kinda sad that college didn't mention any of this before i graduated. i didn't expect to need anything more than sec+ coming out to land an entry level role.
anyone hiring aws security consultants/contractors? I'm looking for a side gig of a few months, november-march.
Hey guys I was wondering if anybody can give any advice on how to become a security engineer
Hi everyone, 👋
I’m currently looking for IT/Cybersecurity internship opportunities in the USA, specifically around the DMV area. Would anyone be able to take a look at my resume and give me some feedback? I’d really appreciate it!
go to LinkedIn trust
I’ve been watching HeadlessHeadhunter on YouTube for my resume
hi guys im a senior in high school right now so i’m getting ready to submit college applications. i feel like my extracurricular activities and supplemental resources are lacking and i’m worried about my chances to get into some good colleges.
right now i’m in a specialized academy within my high school that focuses on programming and i also do some CTFs and produce my own writeups for them on my github. i don’t have many and i want to expand these.
what would look good on my resume / activity list that i could submit in my applications that would let admissions staff know that im dedicated to computer science/cyber security?
I will have a look at it. thanks.
Guys I am willing to start my career in cybersecurity. Where can I learn, any resources??
You can start here for free
https://tryhackme.com/resources/blog/free_path
👍
well havent you done it all
Certs
Uh prolly cuz u got nothing
Sec+ is an ez cert
Entry level
SAL1 is unknown by HR
You need an IT job or to do projects
And mby have someone review your resume
i have a couple of certifications that i acquired through my school, but nothing that sets me apart for cyber security. i feel like i don't know enough right now and i won't be able to learn and study before admissions deadlines
Im also in HS
And i am sort of in the same boat
Get industry grade certs
Like the sec+ and ccna and stuff
It proves dedication
What certs do you have?
i have unity certified user, unity vr developer, microsoft access, and IC3 GS6 master
Hello! Curious if anyone knows of an upcoming Capture the Flag (beginner friendly)? If you’ve previously completed a CTF, have you found it to be helpful in your career development and/or job search?
Hi guys, I hope you are all doing well. I’m exploring research areas in cybersecurity that could help me get into a top PhD program and also build a business in the field. Could you suggest which topics are most impactful right now commercially?
Those arent industry grade cyber certs
Those are cool tho
I have a question: is it more advantageous to get into a very good university and graduate in the cyber security industry or to go to an average university but get certificates like Security+, OSCP, AWS cloud?
the thing is that im trying to find myself an idea for my final year project in cyberSecurity+Ai can you guys suggest something? i have a week only
heya
Why would you not do both
Like i dont get the question
If u go to a good university
You still need certs
But like why not just go if you get in and money isn't an issue
But if its just for fun you need certs :/
No way around that
What I'm trying to say is that the time I'll dedicate to cybersecurity to get into a good university will decrease, and certifications will be delayed. If I'm going to get into a mediocre institution, I'll have plenty of time left to study cybersecurity.
Also financial problems, a good university is more expensive
But actually you are right, it will just take a little longer but I will get the certificate either way.
Me personally I don't think going to a good university matters very much
It will help but I dont think its worth selling your soul and going into debt for
Might be pissing in the wind here...
If somebody built their own cybersecurity homelab complete with SIEM, logging and made a secure home network and all that sort of stuff but had very few IT jobs in the past or certifications, what chance do they stand of getting an entry level SOC job?
There isn't a straight answer for this one (as there are many factors with the condition of the job market having the most impact), but this can certainly be of help.
thanks 🙂
Having a home lab and being able to discuss in detail what you do with it in an interview really can boost your outcome. Being able to configure/use a SIEM goes a long way in SOC roles, as long as you also know how to use it. Certainly try to replicate intrusions and try to detect them on your own systems, consider making a blog and writing up your findings/activities, and maybe doing writeups of THM rooms. Even summarising your activities for your own notes/learning can go a long way if you don't fancy making detailed notes all the time.
Also, don't hesitate to apply for helpdesk/tech support roles when you're looking for jobs. Also, go to events, meetups, conferences if you have a chance and make connections with organisations there. I'd suggest reading the Tribe of Hackers books. They're a series of interviews with experts for various cyber roles. The author discusses them and his experience in the Darknet Diaries podcast episode 83
https://darknetdiaries.com/episode/83/
So in other words while you're knocking out certs/practicing THM/pursuing a degree, getting a helpdesk position in the meantime is worthwhile? Also does having a security clearance help land a SOC like job? @rugged delta
Well when you're studying, ideally you'd be spending as much of your time studying as you can. Obviously many people need to earn money to live so perhaps a helpdesk job, even part time might go a long way. If you're doing a degree, for instance, time might be tight for other timesinks, but it really depends on your individual needs and resources. As for having a security clearance helping you land a SOC job, I'm not in the US. There may be benefits to it, but you'd have to discuss that with your potential employers. Also, if you do start somewhere on a helpdesk, this might open other opportunities internally in that org
I'm job searching currently and a lot of govt contractor positions seem to require a TS/SCI or at least a Secret with an ability to get a TS/SCI whether it be a Help Desk role or an analyst role. You can view these jobs at usajobs.gov
Some want a polygraph too. I guess the contractors really just don't want to pay for someone to get the required clearance.
Shoot 4 years ago I knew someone who got a TS/SCI Help Desk job as a straight civi with only a Sec+ but that doesn't work anymore apparently
its possible still the military is really looking for Sec+ and experience
The military is part of the government, of course, now other gov jobs, I'm not sure.
@elfin girder I see thanks for the info, I have a secret, I had no idea there’s government contracting jobs that specifically look for them
yeah i've got a secret too, b.s. cybersec, and a sec+ and got rejected from multiple help desk contractor positions alr so good luck brotha
thats unfortunate, who have you tried to work for?
Why they turn you down did they give you any feedback? @elfin girder
No
I’d have to look I don’t remember right now sorry
I’ve applied for a lot of jobs…
do you only want to work as a contractor? i know its a better position
No, still waiting to hear back from an SEL
I’ve applied for leidos, trace and booz Allen. We will see what happens
what certs do you have
None, scheduled my sec plus for December, I have 8 years of military comms/IT experience which is typically what they look for
From personal experience, hardest part about Sec+ is the business stuff (BCP, BIA, DRP, etc.)
Good luck on that
25B?
u didnt manage to get your TS?
or 25U
Yes 25B, TS/SCI is in progress, may take a year @dire egret
Are you guard?
Reserves
were you ever active?
Yes for 5 years
🫡
25B is the best MOS
Absolutely, tons of opportunities for certs, wish I took them sooner
I agree I’d say if you want to be an IT guy out of the military it’s your best bet. 17C is more of a hacking mos but they rarely actually hack anything or defend since contractors do it now.
IM SO CONFUSED ABOUT MY CAREER PATH
idk what to do with my career path anymore
Its either I take AI courses or I take networking courses
its either I wanna hack people legally and help them or create an ai for companies
I need to find a stable career path for me to earn good money and also enjoy my work..
Hacking is fun tho..
U might want to choose btw blue or red team or network
and I primarily want to work at a red team
Build it or destroy it😈
Yeah ik
destroy what
Nvm
Mostly yeah you wanna get paid
but remember the real purpose on why you join the red team
its not about the money (YES IT IS BUT) its about helping others
AI might not be able to help in complex cases
because even if they tried to, they will change one thing and the other codes will get disrupted
I think
Same
Do you want to be hands on or not? Networking, at least network admins, are hands on with stacks and servers; red teamers and blue teamers are less hands on, more on a computer obv
Be a network admin then. I find it fun. I also find hacking fun, but network is fun because you get to actually see and touch the servers physically
Hello all, I have a portfolio question. I'm currently trying to create a SOC Analyst portfolio since that seems to be the best way I can show exp outside of having exp in the work environment. I'm planning on trying to use TryHackMe SOC sims for exp and wanted to know is there a good portfolio style or layout to use to show I have exp?
Guys opinions on pentest + ?
Hey, I want a suggestion which burp version is good, the latest one or a specific version (as old is old)
i need flag 16 and flag 17 on windows local persistence >>>? help anyone please
Take it only if your job requires it, any other cert is better
in general avoid certs if a job doesn't require it. and if a job does require a cert, look into job programs that might cover the cost of a cert if you can prove that it would help your career so you can get certified without needing to pay for it;
Hello, has anyone gone the route of doing volunteer work to gain experience as a SOC?
This is going to be very tricky. It might be best to build your own lab with open source tooling like Wazuh than finding volunteer work as a SOC.
Only big organisations can afford their own SOC because of the required investments and I'm not certain if there would even be internships for it as they are dealing with confidential or sensitive information most of the time. I'm not saying it is zero, but there might be very little opportunity that you will come across.
You should certainly follow the SOC training in THM, and consider the SAL1 certification, and complete several of the rooms on the topic. There are other certifications like the CCD and BTL1 that are often considered a good indicator of knowledge in the field.
Hey can someone please suggest me vulhub machines, I am most concerned about Windows machine rather than Linux !
Can anyone please say what type of projects should I add if I'm a fresher
Applying for
Risk management and compliance role
Please
Question. I'm trying to get my Sec+ cert and was wondering if anyone had some study materials that they could recommend? I already know of Professor Messer and a few others as a start but was curious to know if there was anything that someone who has this cert really found useful. Thanks in advance!
When I took it most of it was pretty basic like the stuff you can just Google. The hardest parts were the business documents and loss expectancy like BCP, BIA, SLA, etc. and SLE, ALE, etc.
I used this book tho which covered everything: https://www.amazon.com/dp/B0CM13W88J?ref=cm_sw_r_ffobk_cp_ud_dp_E7KGVKZPD37E1C3W5ABX&social_share=cm_sw_r_ffobk_cp_ud_dp_E7KGVKZPD37E1C3W5ABX&bestFormat=true&csmig=1
I mean $10 isn't much compared to the $400 the exam costs + it has a practice test
👍
hey guys, im currently pursuing a cs degree and lots of what im taking is AI heavy.
lately i was interested also in cybersec and wanted to ask yall is there like a roadmap on how to begin or which online courses to do? ( there are lots of different yt videos with differing opinions so im lost XD )
im planning on completing msc at my uni so i want something that isnt so time consuming but also can give me solid grounds if i wanna pursue a career that merges both AI and cybersec
thanks for the help 🙌
Do internships bro 😭 nobody will take me cuz no experience
poke around here to see if you can find a roadmap that fits what you are looking for: https://roadmap.sh
Pointless unless someone paying for it
I'm trying to go for cybersecurity or programming positions. I heard that learning SQL and getting certification like Microsoft Azure data fundamentals can help you get one. Maybe just learning SQL and building projects is enough, and I should focus more on the PSAA or the PHDA when it's on sale.
Any Aussies in here have an opinion on the Certificate IV in Cyber Security?
Programming and cybersecurity go hand and hand so it’s good idea to learn both
Hey guys, been in the web dev industry for the last 10 years but I’ve always had a passion for security. With sec+ and opsec+, would it be difficult to get a role as someone who contributes code within a security context? I don’t want to stop coding. Even if it’s something like devsecops
I can tell you what not to do 😄
I am a CS graduate with CompTIA sec+ and Splunk Certifications yet, I applied for 40 jobs and I could not even secure an interview.
a recruiter recently told me i need a pen test cert for the blue team positions i been applying for
for context, i applied to a jr soc l1 analyst position
i also already have 2 other certs im studying for - ccna (in place of net+) and cysa+ - like im unemployed and this is expensive 😭
I wanted to ask if anyone knows a path which will teach python coding from scratch with cybersec perspective any tutorial or link
im trying to 😪 , even tho i have some traits ( started bsc at a young age ) my uni rep isnt the best nor is my gpa ( since i had to do both school and uni at the same time + unseriousness ) so landing one is pretty hard
tysm 🙂
i'd be happy to hear XD
sorry to hear that
Yeah they're super competitive. I wasn't able to get one. GEs messed up my GPA so for most applications it was < 3.0. The only people I've seen get one had 3.6-4.0 GPAs, were a part of the Cybersecurity (and more) clubs, and had various certifications (aws, sec+, etc.) which i didn't have time or money for then. But those are the same people that landed jobs straight out of college, so it might be worth trying to turn around 🙁
Well that and their resumes were extremely good. Like, I didn't know how to make one and I still kind of don't know. Headless Headhunter seems to know his stuff tho on YT so I've been using him as a resource recently
the thing is i dont know anything about cyber yet
atm i have solid grounds in the DL/ML branch which i hope to be able to merge into cyber 🥲
Frankly the job market is crap. (Inflation, AI, etc)
Only thing one can do is: Certs, projects and the most important, networking (as in meeting and talking with new people who might know a job)
I have no place to tell you in that regard, but security+ and tryhackme could be a good place to start? Maybe somebody else could speak up on that?
Definitely this. Join meat-world meet ups locally with players in the field you want to get into. Get projects done to show you’re worth hiring and certs to cover the hr or compliance checklists
Hi am new here
Hey everyone!
I currently work full-time (35 hours a week), and I’m thinking about starting an Open University course next year in cybersecurity — probably something focused on blue teaming. I’ve been offered full funding, so I wouldn’t have to pay for it.
I’m just unsure whether it’s better to go down the Open University route or focus on certifications instead. Has anyone been in a similar situation or have advice on what might be the better option, especially while working full-time?
Thanks in advance!
Done!
just wanted to thank Ben Spring for this lovely article! i don't know if or when i will be able to find a soc analyst job, but if i do this answers pretty much all the questions i've had so far in preparing;
if i don't get any luck soon though definitely going to try for sal1 if only just to have something to do besides sending resumes and cover letters to robots in the hopes someday a human actually will read it;
Looking for a remote jr software developer position if anyone knows of any please think of me thank you!
IT experience? Certs? Degree?
we all are
Anyone got a job for me remote 10 year experience as a system admin trying to go into cyber 2 years experience using Kali Linux / school
Anyone can help with IT support job advice in the UK?
You can ask any questions you have here
Just need help on how to look struggling to find them etc
You shouldn't limit yourself to just support/helpdesk roles. Look for other IT/cyber roles as well and see what skills they're looking for and if you're able to do most of what they're looking for. Check LinkedIn but also check other recruitment sites and recruiter's offices in your area. It's a competitive environment but keep searching. If there aren't suitable roles in your area, you may need to consider going further afield and/or improving your skills in various ways
Uk job market is dead..
Have u got a degree/certifications?
good to have and it might give you some advantages while applying for jobs
its theory and got to memorise many things.. not practical hands on.
I would say pursue certifications while doing the course bro, CEH certs are like the only thing companies look for even if it's useless😂 my mentor told me that if u wna put ur foot in the doorway of cyber security u HAVE to have the CEH cert so it's best u do both side by side. It's my opinion u shld consult with more people tho maybe someone who knows abt the course you are going to do
Tysm
Ur welcome bro
Only in India, and very occasionally companies elsewhere.
Most of the world has figured out how crap CEH is at this point.
a recruiter for purple/blue team positions told me to go for a pentesting cert so i picked ejpt and am studying for that. was that a bad choice?
Yeee tru that's why I told him to ask around. But what's Indian companies obsession over CEH😂 😂 😂
God only knows. I'm guessing it's because EC-Council are India based so presumably have the most influence close to home. You'd need to ask the companies to get a definitive answer though
CompTIA is coming out with a new cert for AI called CompTIA SecAI plus, coming out in 2026. What do you guys think?
super unnecessary and a cash grab
Hi
Truu
Wsg
Might be good but for me personally I need some dfir cert or RE and malware analysis cert like the one OSCP had but less expensive
Yeah. I might try to get it. I think employers here in the states might make it big deal for employment.
Ya tru AI is a big part of cyber security
Hello everyone, i want some guidance on my current state of my career, i dont know if i have enough knowledge yet, i dont know if i should keep going and when to apply for a job and all this, i was wondering if someone can help me figure this out, idk if i should send my resume here or what XD but here is my thm profile https://tryhackme.com/p/Deku69
following up this, i work currently as a technical support engineer and my current goal is to land a job in the cyber security field, my goal in general is being a red teamer
Hey guys, I’m new to cybersecurity, so can someone tell me what I should start with first — networking or operating systems?
Does anyone recommend any good written/video guides on creating a SIEM homelab
You shouldn't need a video guide if you use Wazuh. Extremely simple. Run one command to install the manager (Free pre-configured SIEM built on the ELK stack) and then go through the Agent Manager to configure a single command to run on an agent to add it. Only additional stuff you may need/want to do are installing sysmon (Windows) and auditd (Linux).
I would just use a plain old hypervisor or docker set up for this.
Hey everyone, has anyone finished google cybersecurity course?
I dont know where to focus that course or thm more
Got it setup, thank you! I'm just learning basic logging for now to put on a resume but I'd like to do simulated attacks in the future
I have my Ubuntu server setup but the VM performs very slow and it doesn't allow me to enable virtualization
I had this issue with my Kali Linux VM but fixed it by just downloading an image online but can't seem to find one for Ubuntu Server
Hi everyone I have a question, idk if I’ve asked this before but, obviously everyone knows that learning everything in cybersecurity is impossible, however, when it comes to pentesting and making it a career at a company, would you recommend being specialized in a certain area? Or be good all around? Or simply be good in one area, and in your free time (if you would like) try exploring different specialized areas
With the current market, you'd better be decent in all aspects of pentesting.
Hard to be a champ at everything, but some solid knowledge in each aspect goes a long way.
In your opinion, what should be the main things I should focus on if I want to get employed as a pentester? What I mean by “focus on”, I mean like web apps, networking, etc.
From what I personally noticed by trying to get a pentest job, is that entry-level pentesters will most likely get web as a starting point, but that might not be true everywhere and depending on the demand.
So overall I should have at least a basic foundation of everything?
Obviously not being great at everything
That's a must. Not only that, you must be decent at everything in pentesting.
But when you talk about decent at everything, what could possibly mean everything
Active Directory, Web, OS, Networks...
Ah okokkkk I understand what you mean, realistically speaking, how long do you think that would take?
Pentesting isn't an entry level position. People usually do months/years of Help Desk / SOC before getting into it.
Very rare are the cases where your first ever job is a pentester.
So, at least 6 months to a year of practice, I would say.
And that's assuming you aren't competing with people with OSCP who also aren't able to find a job and would most likely be more qualified than someone with no certs.
Ah okokkkk, I get what you mean, you’re saying there’s a higher chance someone would get employment at a company if they are an SOC analyst then transfer to pentesting, rather than a person going straight into pentesting?
Assuming you're someone straight out of school, yes.
Ah okokkkk
If you have OSCP and 3 years of prior experience, that's another story.
Ah okokkk, well thank you so much for your help man😇
Wait but DKob, I asked the same question on another discord server, and they said it’s best to be a specialist in something because a recruiter would much rather get a specialist in a certain pentesting area rather than a generalist
Is that true?
Yes, but that usually isn't the case for junior positions. Can't really hire an expert in AD as a junior position. A specialist is an expert. Can't be a specialist as a junior with no prior work experience. ¯_(ツ)_/¯
Ah okokkkk, so for junior is better to be decent at everything, and for an expert it’s better to be a specialist
Logically, yes.
Realistically, as a junior you are not going to be decent at anything. If you were decent at any domain, you'd be mid-level at minimum. Junior roles are basically familiar with a small number of domains, but it's expected that they do not have depth of knowledge anywhere.
Hello everyone. Have a question. Besides going thru the Jr Pentest learning section on Tryhackme, what are some other ways to study for the PenTest+ certification
A lot of people are recommending Professor Messer on YT
Hey everyone, I am a mid-level web developer, but I want to learn cybersecurity. I’ve already learned some of the basics of networking and a few Linux terminal commands. My goal is to learn cybersecurity so I can offer it as an add-on service alongside web development.
I’m currently learning through YouTube, but can anyone suggest a good Udemy course or any beginner-friendly course? If there’s a great YouTube channel for beginners, please share your thoughts.
Thanks,
Suffynux
hi guys
anyone know about how to do penetration testing for web application
I had been trying to get a Job as Security analyst but kept getting rejected for lack of experience
so i have been suggested to go into ICS and OT Security
Can you guys suggest me if it is a good decision? and any study materials for this field that i can find other than CISA courses
even for me also
Really? I do sub to em on yt. But haven’t really fully listened. Any others?
is there anyone that is a soc analyst? i was wondering, i have a second interview lined up as a jr soc analyst role and i was just wondering what areas should i focus on and what will they ask, and its an emea
You can check out Google Career certificates on cybersecurity. It's on YouTube too.
I got it but it is 2 years old but it's gonna be worth it, thank you so much!!
I will enter university, but I love cyber security. Should I enter computer science as a university major instead of the cyber security college? Because my teacher said that cyber security is a major, not a field. I also believe that cyber security depends on side certificates, a creative major.
cyber security is a major, not a field
🤨
Ur teacher tweaking
Im looking for a certification related to securing AI programs/data using AI configurations.
Are there any certification recommendations yall have from trustworthy vendors? I found some misc ones online but they are not well-known vendors, or they are certificates for a specific vendor product.
i think that's built into ai certs like ones from aws but they don't advertise it
Guys i am struggling to make any money, what can i do?
Best way to get money is by getting a job
(So I would apply to some jobs, that you are able to do)
Guys, is a bachelor's degree really required for Helpdesk positions these days?
Especially entry-level and tier 1 support.
i've seen a lot of positions near me that only ask for an associate's or higher. i've seen some that say high school diploma but they didn't do anything complex at all, probably not much to learn and definitely not much pay.
source: i've been job hunting too 🙁
all the government help desk jobs have been asking for bachelor's or master's even for tier 1 and most times also coming in with a ts/sci
Hello there I am a beginner and want to learn cybersecurity can anyone guide me how to start learning?
did you read #start-here
Hey, hope you all are well, I wanted to know if anyone could assist me please, I am busy with an assessment for a learnership for a very well known firm here in my country, I managed to succeed from level 0 - level 7 but I have been stuck on Level 8 for the last 5-6 hours
I wanted to know if anyone could assist me, perhaps take a look at it in a call with me provide me with some advice please
We cannot help with assessments here
Understood, thank you
Learning TryHackMe rooms and started studying for my CompTia+ whilst working full time
Any advice? I watch Professor Messer and I am on the Networking Room on TryHackMe
Just do all pre security and security 101
Prof Messer is great to get foundations that are not covered in thm
Hello, Hack The Box and TryHackMe, which is the better for security engineers??
the best is to make your own projects or work on free and open source software;
hack the box and tryhackme are both great tutorial providers. but real hands on experience is always the most valuable in tech;
imo tryhackme has the edge because it has the better community and because it uses the tutorials to show examples and then allows you to build your own homelab using those skills you gain from the tutorials to be able to apply the learning towards real goals;
Has anyone ever conducted a TLPT?
Yes
Can you help me with the process which you followed? Also what frameworks did you adhere to while conducting TLPT?
Are you testing a bank or something? Are you from EU?
Not exactly. I'm trying to understand how traditional pen test differs from a TLPT focused on EU region.. I have to draft a test plan for financial institution so looking for better clarity
Is that due to DORA? I recommend TIBER-EU
Yes..okay
Also the testing time should be around 1 year only as TIBER says or we can close the testing in under 2 weeks?
For those looking for books, great collection of cyber topics;
Check out #bookclub for more recommendations 🙂
Is it okay/normal to ask the recruiter for interview tips? Specifically since I'm going to have a "technical assessment" for my next round, I asked him for tips for the format or what I might expect from it?
thanks will move it there;
It's okay to post it here as it's still relevant. It looks an excellent collection
Scammer
Does anyone know of ways someone could get unpaid experience as an intern in cybersec?
Yeah
Try the virtual internships on theforage
They're basically just labs - But you can add them to your LinkedIn
That, and if you adjust your CV to include hands-on experience with tools that you've learned while doing THM rooms then you'll look better than someone who just says 'I do THM rooms'
If you say like:
Hands-on experience:
- Wireshark
- Windows Forensics (OSQuery, Autopsy, etc)
- Wazuh
- Sentinel
Etc
If you contribute to open source tools that's a good one too, but for more experience I'd suggest setting up a Wazuh instance on your home network. I have my wazuh running on a laptop under the sofa for instance, and just have agents installed on devices. If you have a proxmox homelab set up that's also something to show off on a CV as experience with tooling for penetration testing and defensive security if you also patch/make SIEM rules for the attacks.
@daring vapor
Besides what Silastic already said you could also work on some projects yourself to add them to your portfolio - for example build a keylogger or a portscanner, there are plenty of examples on the internet. It really depends where you want to go in cybersec. But whatever you do, document it, make it presentable and take as much knowledge with you as possible.
Hey,
If this ain’t the right place to ask kindly ping me. So
How is the job market for Digital Forensic in Canada?
I asked because after browsing online, it doesn’t seem very specific. So I’m asking to gather some anecdotal data
@stoic cave Also if you’re okay with it I’d like your advice on something
Yeah
I'm new here, does the program get in to web3, blockchain, smart contracts too? I'm not looking to skip my fundamentals, of course, this is just a curiosity when I do get to it some day.
Any suggestions for upgrading my first homelab that currently just uses Wazuh for file integrity monitoring of a Windows vm
I have a question regarding my personal case. Let's say I have no tech background whatsoever, and just about now discovered a passion in the cybersec fields. I've been grinding THM being overly optimistic. Can someone take my head off the clouds and tell me what my real chances are, assuming I study like someone's pointing a Glock at me?
Continue to grind and grind if you can, and if you have the option, attend a technical school and go for a CompTIA Security+ certification. The route is different for everyone though. Just know that employers like when you have practical experience and certifications
I meant to send this as a reply mb
This is strangely motivating, thank you. I thought I was chasing fairies here. I LOVE the idea of cybersec, but with 0 background on it and forming myself brand new, I'm making some risk assessments before investing too much time in it.
Would yal say comp sci or comp eng is better for cybersec (US btw)
Both are very beneficial so you could choose either really. Comp Sci is a very broad topic and you'll cover a lot of similar things in both branches. Comp Eng is really about problem solving, especially for large scale systems. Both will involve plenty of programming, networks, etc and both will be an excellent foundation allowing you to develop the skills and passion you need to develop for cybersecurity
There are also cyber security degrees. I got a BS in it
i've been contemplating asking this, as a noob XD, so a bit of background (not too bad experienced developer (daily work)), but want to make a career change (as i don't know all the terminology and finding it out now, and started with TryHackMe). is it possible to build xp, do the pt1 and or soc and build some xp in the field (lets say about a 1 of self taught xp) to then start looking at making a career change, or will it be better to finish the TryHackMe then do like idk CompTIA?
I dont like those
There's no such content on thm atm
where should I use go and rust in cybersecurity?
How hard is the CompTIA sec+? I’ve been studying for about 2 months and I feel like I’m ready to give it a shot
Easy. Study what documents are used for what (BIA, BCP, etc.) and study loss expectancy (SLE, ALE, etc.)
Afaik, automation is primary priority in cyber security when it comes to programming . If not then probably developing new tools.
hey everyone
Need advice! How much time do I need to invest on thm? I am a college student with strict attendance, and due to the distance I lose a few hours of my day in travelling. I don't hold much on thm, just 2-3 hours, and some days I even skip... What other resources online are best to go in parallel with the flow? I am a beginner with good linux command and currently a web3 validator... so yeah, good with linux
i am currently learning c and python & bash scripting too ,
do i need to study for the certs or complete some paths on thm then give it a shot!
May I send my resume to anyone for review? I'm trying to break into IT/cybersecurity without a degree so I'd like it to be perfect for what I have
You should give as much time as you can spare. Obviously you're interested in cybersecurity, but it's understandable it takes a back seat to more prominent things at the moment. Make progress at your own pace. Completing paths should be a goal to help you learn and progress, but don't feel pressured to prioritise it while you're busy with college. Having it as a pastime/extra-curricular is fine at this stage
If you remove your personally identifiable information and take a screenshot of it, you can share the image in this channel and people will give you feedback
Hello, I was wondering what is the diff between free tryhackme and the premium one? (And is it worth buying?)
Microsoft Entra, Defender, Sentinel - Do the Microsoft trainings for these, there are free labs. No need to get the cert before the workplace pays for it. Just show you have done it and are familiar.
A lot of companies have something with SIEM today and XDR. Learn about this also to put on the resume.
Put something on our github. not that important what it is, just something. @torpid lantern knows what he's talking about.
See above, too lazy to change quote
I got a degree in html
Hello everyone — I'm a final-year student and I'd like to ask for ideas for cybersecurity graduation projects that are easy for a beginner. I know a little Linux and networking, and I'm reasonably willing to learn anything new. I was thinking of creating a honeypot — what do you think, is that a good idea? Give me your opinions and ideas.
Should I bring copies of my resume to an on site interview? Title is “information security engineer”
Hi. Always do that just in case they do not have a digital or physical version on hand. Or you could always have a digital version on your phone/ tablet. I have gone into an interview once where the HR person did not even bother to print one out and had to use mine.
Gotcha. Thanks!
guys how u will be finding the bugs in web application
if there any best bug bounty course available
tell me also in need of that😅
Well, you put your cybersecurity knowledge to work
and you try to find some bugs
im not too familiar with bug bounty but i think https://www.hackerone.com/bug-bounty-programs provides companies that give out bug bounties
first need course bro😭
Yes ,on YouTube there is
yes bro
career wise, if you're a student should the focus be on learning red teaming concepts more?
or should u focus primarily on blue teaming
Whatever you enjoy more
Not a recruitment server.
hi i would like to do some online courses in my free time to learn more about cybersec, do u have some recommendation?
whats a good tryhackme room I can complete, preferably challenge, that I can use as an answer in an interview when being asked of a time I displayed skills, looking for a well rounded room
https://tryhackme.com/hacktivities?tab=paths Look here and grow your skill
do the quiz of what the ideal pathway is for you
and start
Hi I am a 7 year full stack dev. I am switching to being a Security Engineer. Whats a good learning path, courses and to be able to fully hone in on the skills required to be able to interview for careers with Security Engineering?
I know THM has the security engineer path. I’m just wondering if that sufficient enough to hone in on the skills required of Security Engineers.
You could find a reliable path on roadmap.sh. Currently, I'm learning the most important basics and terminology in cybersecurity. It's my personal advice for you
Then you could ask some AI, for example DeepSeek, to build a plan for becoming a SecEngineer or for some skills that are required in it
There is a lot of open source info about security engineering on YouTube
Keep notes of anything that is complicated or undiscovered to you, and after a while come back to the notes and ask Google or AI to explain it to you briefly enough to remember
Wish you all good
I initially thought that but the cybersecurity path they had there I felt might be too broad. I felt like some of my transferable skills for cyber could be good Security Engineer(general), AppSec or DevOpsSec
How is DeepSeek btw? I use Copilot a lot but I kinda hate it. Only thing is I have trained it a bit and I don’t love the idea of starting over unless the AI is way more helpful
DeepSeek gives expanded and detailed description about anything you ask
But you can always ask to make answer short enough
You have any issues with AI Hallucinations?
It seems to but cybersecurity is very complicated path to explore so 300 blocks deserve your time
Yea that was the main thing that was deterring me from that path on roadmap.sh. It felt like an overkill for what I was looking for.
I dont get it, sorry
It is, but it seems to overkill that stuff when you just started
By the time it'll be easy to get
Hi Folks
Hope you’re doing great
I am pursuing my career as either soc analyst or junior pentester
I recently graduated and worked at the same time as a System, Network & security administrator for 3 years.
Do you have some advice on how to improve my experience and eventually find a job in this field ?
Does anyone have recommendations on Rooms-Labs-CTFs that can actually help me and maybe pass a certification as well ?
I’d really appreciate any advice.
Thank you ! 🙏
Please feel free to reach me in DM or here
I'm currently doing a levels, would ICT be good for cybersecurity and then do an apprenticeship after a levels be good to go down the cybersecurity route?
anyone have a good source for cyber intern interview questions? specifically pentesting
Using Wireshark I captured web traffic like tcp, udp, http, https etc
I want to decrypt the encrypted data of a website like www.example.com, so I searched how to do it and I got an answer like use sslkey.log for decrypting the https encrypted data
It's working
Now the question is: is there any other way to get the decrypted data of an https website, not http
Does anybody have an idea
Does anyone know of any services like THM for learning how to use Python? I've done some video courses on Youtube but I always learn best by doing hands-on stuff, so something like THM would be really helpful (and preferably, it'd need to be something that's not too expensive, I'm pretty broke from learning at this point and can't even get an interview)
Codecademy
Oh nice! I think I got Codecademy mixed up with FreeCodeCamp and thought they were primarily a YT channel. Will definitely look into it, thanks!
Fcc is also great resource btw 🙂
I agree, I've gone through a little bit of their material and it's well-made! I just like hands-on learning when I can get it; I noticed I learned a lot faster in a few months of THM than in almost two years of more traditional learning haha
Cause thm is structured beautiful
anyone here has a career in robotics and can guide me (i am currently in 9th)
Has anyone here done BSCP?
Hello all, just had a quick question for anyone.
I am new to the cybersecurity world in the aspect of pursuing it as a career. I have plenty of experience with electronics and usually am the "go-to" person when it comes to technology.
What I'm struggling with is what home labs I should implement in my home. Like what is practical that I could use everyday?
I am working on A+ at the moment but I feel like I should skip that and go straight to net+. I am trying to find an entry level position that will accept me on the Army's Career Skills Program, as I am transitioning out of the military and will be ready to work as an intern come February 2026. Any help/advice is welcome. Please feel free to DM me or reply to this message so I see it.
Thank y'all!
hello, i need help from someone in india.. i want to pursue cybersecurity as a career and need some guidance.
In college
?
hey i'm looking for a mentor or for someone to help guide me. i'm currently in my second year studying for a cybersecurity and forensics BSc and i need help pushing out stuff that i can fill my CV/resume with to help me get a placement year (year in industry)
im from the UK
any help is appreciated however small or large of advice 🙏🏼🙏🏼
still working through cyber101 path , but was wondering when would be a good time to start focusing on working towards a certificate and what certs should I be looking into isc2 ? comptia certs ?
I set up a raspberry pi with a linux system setup , so I have something cheap an inexpensive to hack from my laptop . I can always reset it and start over and it gives me something I can experiment on with out messing up my everyday gear.
Hey! I think I can help a little
yess pls dm
alright ill dm
@vague mist okk
Hey I'm currently pursuing my masters in Cybersecurity, feel free to DM me, I'd be happy to help..
for sure ill dm
Please what is the green word that pops up
what do you mean?
Stupid(ish) question incoming; what's the rate for a full on penetration test? Like, if a client comes up to you and asks for a pentest on their network infrastructure how much or how would you determine the charge for the work?
Does it go by tiers? Like certain tests go for this rate?
There must be so many variables to answer that question. I think so particularly
$20? In my country, that barely covers the premium registration fee for the thm🤣
In the 3 or 5 digit range
1,000 to 100,000 - it should depend on the scope, scale, type of business, those things, I think.
What kind of crazy pentest does the client expect to have them shell out 100K?
Would that be like a team engagement situation?
Man, I don't know, think about it with me—the world is big, there are all kinds of businesses, and for some people or companies that have "special" data, $100,000 may be nothing—the government is an example of this. Besides, you have to be the best of the best to charge something...
also
So it's a go big and win or lose and go home?
yes, that's exactly what you said. Win or leave.
It makes sense
Do you work in this field?
I've never heard of anyone doing volunteer work in that area. How does that work, if I may ask, of course.
I volunteer for a federal department
But its not consistent
Its like, contracted
Wow, that's so cool! My dream is to have an opportunity like that, lol.
Even so, it's an incredible experience.
It's both stressful and rewarding
I think I'm going to refocus my studies on networks. I've been reading Tanenbaum and James Kurose & Keith Ross. Many people around me keep saying, "Study networks, get a solid foundation," and I think I'm falling short in that area...
ah no issues imma still dm
Hmmm
Hey everyone! 👋
a final-year Cybersecurity student with only 4 months of study so far. I need guidance for my graduation project but I haven’t decided on an idea yet.
If anyone can give free mentorship, suggest project ideas, or point me to helpful resources/community channels, I’d really appreciate it!
You can reach me here or on imyinsaudi@gmail.com
Thanks a lot!
Hi everyone! I’m a second-year student interested in cybersecurity and looking for mentorship or advice on what to learn and focus on. Any guidance on skills, resources, or next steps would mean a lot. Thanks!
Hi, I’m going to be heading into a university course next year for cyber security and I was hoping to get a head start here, if anyone has any advice on where to start and valuable resources, or things you wish you knew earlier, PLEASE reply or DM me, anything helps ty
Hi all, I'm interested in a career in GRC, can anyone recommend learning paths or rooms.
I've recently been spending a lot of time on Reddit and LinkedIn, and I've noticed quite a few people pivoting directly from SOC roles (mid-tier positions with 2–4 years of experience) or IT manager positions straight into Red Team Operator roles.
Because of that, I've been a bit confused about how this is possible. Maybe these are edge cases, or perhaps I’m just misinformed. Whenever I look at job postings for Red Team Operator positions, they almost always require prior pentesting experience; typically at least three years.
I’ve also heard actual real stories about companies hiring people without prior offensive security experience and training them internally to become RTOs, as long as they already have a background in cybersecurity. (Some even out of college)
So my question is: are these just rare cases of people getting lucky, or are companies genuinely open to hiring candidates without offensive experience and training them to become Red Team Operators? (Yes, I'm aware it's almost the pinnacle of OffSec.)
Obviously, this is a broad question and the answer probably depends on the company, but I’d really appreciate insights from anyone who’s been in the offensive security field for a while. Personally, I haven’t been able to find any company willing to train newcomers in this area. They seem willing to do that for almost every other cybersecurity specialization except offensive security (Training employees for the job in France is required by law).
It does happen that companies pull from internal teams and train up. After leaving a prior cyber post, I heard the pentesting team were recruiting initially internally. A friend of mine was already a QA in another department and I suggested she apply. She got the position and they trained her up.
Usually companies would like someone to have prior IT/cyber experience of several years but some people show potential and are already quite capable in other roles and transitioning a hard worker from one department into pentesting/red teaming is a viable option. Companies can be quite surprising in their hiring practices for various roles
I got that opportunity for internal switch, but for forensics. Wish it was for Red Teaming. Thanks for your input I appreciate it.
Well hopefully you'll have more opportunities and a suitable red teaming operation opens up. You've been working hard for it
Not sure if joking or being serious
Hi 👋🏾 I would like to become a security engineer I would like you to help me know where I should start or establish a roadmap
Damn, must've been some all-nighters
I just get random volunteer "contracts"
No pay at all
And I do want pay
Just being taken advantage of in hopes of getting my foot in the door.
And its a fking federal department
And they will randomly call or text me some "mission" they want and Id dedicate a month or two to it
Last one was march to early may
Been quiet since
I kinda like not getting called at 5 in the fking morning
You could go through the TryHackMe courses or https://roadmap.sh/r/ethical-hacking-yyvh9
I'd try to look for a more senior position at a new company - get the promo and raise now - you can justify the promo if you have the skillsets the jobs are looking for - just view job reqs on indeed or somewhere for the job title you want
i went from desk lead to sysadmin (basically skipped desktop support) back in the day cause I interviewed well and knew my stuff (that was after 2 year degree and 1.5 years on the desk)
you could look for a MSSP (managed security services provider) and get tons of experience quick there
I'd advise not staying past 2 - 3 years at really any MSP/MSSP to avoid burn out
Should I get rid of this restaurant work experience if applying to a government computer science job and I have relevant internship experience now?
Do you also have certs or experience on your resume?
I think everyone is going to have a different answer here, but if I assume you are fresh out of college with some internship experience, I'd leave the restaurant experience there, especially if you worked those jobs while in college...
it shows you can multi-task, you're committed, you work hard -- I'd update the bullets to include info more relevant to the position
customer service, communication skills, collaboration, any sort of training other employees, etc
documentation
Depending on the countries you have some vacation days on job anyway so you might use them to deal with burnout short term. First I would talk with SV about possible promotion if it's even possible and change of terms fitting you . Since SOC is burnout generator regardless you gotta somehow deal with that or change role completely for GRC role or consulting. In any case talking to SV should give you enough hints to make a decision
Hey guys. Would anyone be willing to take a look at my portfolio and CV and tell me what I'm doing wrong? 🥺
I haven't gotten any interviews yet, I target apply for specific jobs where I see myself fit instead of spam applying for everything. But still get no feedback for rejection. I want to know what is it that I'm doing wrong.
hello, would anyone be able to answer what the difference between security co-op job and just security job? please?
you have a job now - it's not your favorite, but it brings in that paycheck - look for the next "dream" position and keep applying
I hit 1 year at a position and knew, "this is not for me" - but it wasn't a horrible job - so I looked and applied, I turned quite a few places down because I was picky - now i work 100% wfh and got a 25% bump
the issue is that its a 24/7 SOC, the hours are not sustainable
it's not about liking it or not, I actually like the team and the workload is relatively low so i have time to study etc., but yeah terrible unsustainable hours
what is your shift? obviously you are not 24/7
on top of it, the pay is terrible
that's horrible
like.. your employer might as well tell you "you have to smoke an entire pack of cigarettes by the end of your shift" lol
you body and brain can't recuperate from a swing shift like that, not that quickly
i'd honestly try to show leadership some data on how the human brain/body can't function long term like that...
if they don't listen, i'd gtfo asap
id rather be homeless
lmfao
is it a startup?
if you are working 5 days a week... they should have 3 shifts...
3 or 4 days a week, maybe 2 shifts at 12 hours
oh yea, any MSP/MSSP will chew you up and spit you out
I worked at an MSP for 4 years - I got TONS of experience but stayed for 1 year too long - I was burnt t F out
yup people told me internal SOCs are much better
by the time I left, I was the 23rd person to come and go (meaning I saw 22 new techs from the day I started till the day I quit)
we literally were training a new tech every other month lol
the company got bought out cause we had a nice datacenter... then the new company dissolved the MSP business and just kept the datacenter business
we were bleeding customers so the writing was on the wall
the burnout is real and people leave and come all the time
definitely more than 2 years here is probably 1 year too much but it was good experience
2-3 years, new job - everytime imo
I have several 1.5 - 2 year jobs on my resume and no one questions it
do you think they'd question it if it was lower than that? Timewise
I think if you had several <1yr in a row on the resume, yea probably
idk though i think it'd be beneficial to just keep interviewing , regardless of getting or accepting an offer , just for the practice and getting better at interviews
if you can explain it too is the key
1.5 years service desk - we were contracted by the parent company, they dissolved our contract for budget reasons
1.5 years sysadmin - IT was restructured under the CFO, budgets were slashed, projects halted, looking for more challenges
those are my first 2 jobs on my resume and those are true stories
are you in blue team now or still sysadmin?
infra engineer - dabble in sysadmin, project management, "blue team" in the sense of hardening systems, escalation for the SOC (you'd send validation/remediation incidents to me depending on your seniority), etc
IAM and BCDR too
i just have certs and project experience, no actual work.
I’ll do that thank you : )
Post it here, but be sure you remove any PII !!!!
hey guys, do you know during interviews and they ask "how do you keep yourself up to date with current technologies/cyber threats etc", HOW exactly does one stay up to date?
not trying to find an answer for interviews, just curious because i do want to stay up to date - job or not.
SOC burnout..
I wish to get a junior SOC job 😄 Although, I think us humans no matter what we do , we are going to feel that burnout phase..
Here's my CV. Any feedback would be appreciated
I don't know if recruiters check portfolios, but I have a projects section in it where I list the work I have done in a summary, then link to blog posts where I go into details of my home lab network.
This is my home lab architecture
If you were someone working as a blue teamer, and you see my CV and my work, would you be impressed or go like meh?
I am open to any criticism and honest thoughts.
I think this is better than a PDF file.
I would include a picture of yourself
news feeds, reddit, your country's infosec dept email list, youtube, twitter -- I've straight up listed specific subreddits during an interview, we ended up talking about reddit lol
really?! I've never heard of that before (personally)
neither!
thank you so much! i have personally never used reddit, that would be so interesting hahaha. maybe i should look into it!
My school recommends it so that recruiters or hr have a face to the person, idk i just always did it since they told us to
this homelab puts mine to shame lmfao
Idk if its like a must
I have seen a lot of people do that here in Germany. But my image will just give them another reason to discriminate so I'd rather not. My image is on my portfolio and linkedin
i mean, it makes sense, i've always just put my linkedin URL on my resume so they could validate the correct linkedin profile
Really? 
also i didnt realise i could straight up mention social media. i guess thats where most things are at these days 🤣 i suddenly cant remember what did i say to answer this question
in the uk we're generally advised against this, to avoid any type of discrimination etc. interesting
but now that i think of it, i think back in asia they did use to recommend having a photo. maybe it really depends on the country/culture
at one point, I had 3 Dell servers connected to a 50 TB SAN. I had all the computers in my house running on AD but anytime there was an issue, my family was pissed
I realized I didn't want to be fixing IT issues at work 8 hours a day and then being on-call 24/7 for my house stuff too... so it all got recycled or sold
now... my home lab is a dell laptop from 2017 lmfao - it's running a few services when I want to tinker
ill spin stuff up in docker, tinker, poke, hack, break, learn and then tear it all back down
That sounds fun. I pretty much do the same. Most of the setup of my homelab has been in place long before I even started my master's in cyber security. I have been playing around with VPS's since... a very long time so I have always had a place to create a private VPN or just play around with servers.
But I just don't know how to translate all this into actual experience that can land me a job lmao
I don't think anyone read technical blog posts or projects? Recruiters are the ones that look at it, and I'm like 99% sure they don't understand a thing that is written there.
you are working on a masters in infosec and can't find a job? sheesh the market must be tough
I finished my master's last year in November XD
My German is not good so that limits my options severely
im on the infra side of things and we have some infosec folks whose resumes look like yours and they can barely RDP to a windows box (smh)
lmao
they can talk the lingo and throw a vuln report in my face, but they couldn't explain the basics of the underlying systems worth a damn
When you say underlying systems, what do you mean by that?
for example, they'll say "blah blah blah ports need to be blocked 100%" and we will be like, "umm, AD requires these ports to continue to function" and they just stammer... they just stick to their guns "well the report says so"
Also this reminded me the story that makes my blood boil. We had a girl in our class who did not even know how to download a file from a page, or how to navigate directories in a terminal. She and I applied for the same job and guess who got the job? Her, a junior cyber security auditor.
they are rigid infosec - they don't try to understand how things work
another example, we migrated from on-prem ADFS SSO to Azure AD
They kept denying our project stating that we "are not allowed to utilize Azure IaaS because the company has not done a security review"
Azure AD only shares a name with Azure IaaS
we went back and forth for like 6 months
they kept asking what Azure firewalls and Azure networks etc we were going to use
and we kept having to send them documentation on how Azure AD actually works
we basically trained our InfoSec team on Azure AD
LMAO
don't be one of those people lmfao
I'm not, I promise.
Believe it or not, I had similar situation when I was working as a developer
if I got your resume/cv, I'd put you in the stack to interview, I'd ask you questions specific to our environment to see if you understood the underlying systems too (nothing in depth, but at least you know the basics and such)
another example, InfoSec wanted us to block all LDAP traffic midweek and immediately implement LDAPS... like "do it today! right now!"
I wanted to deploy our webapp on Azure. I pitched the idea to my line manager and he talked to the infosec people and they were outraged. "OUR ON PREMIS SERVERS ARE JUST FINE." This is 4 months after our company was targeted by a ransomware lmao
and we were like, "uhhh, we can work towards that, but we have to get certificates setup from our CAs and reconfigure quite a few parts of the systems"
they were like, "NO. It has to be done by the end of the week"
hahaha XD
to be fair, ransomware is "WHEN we get hit by ransomware" not "IF"
its probably better to link your Linkedin, so if they wanna see your face they can go there. Assuming you have a pic on your Linkedin which I think you should
also the picture takes a bunch of space and it can be hard sometimes to fit many things in 1 page
But that applies only to big companies, no?
I have very little on there, only my degrees and work experience
And contact info
Certs and all the other stuff they can find on linkedin
everyone is vulnerable to ransomware - i've cleaned it up about 6 times in my career and every time it was someone clicking a dumb email
the trick is defense in depth, good backups, immutable backups - lately it's been zero trust networking (micro segmenting every service down to its own subnet and truly blocking EVERYTHING even internally except for explicitly defined traffic)
I see
If I am running every service/stack in its own docker network on my server, that is considered zero trust as well, right?
somewhat yea, that's part of it
I know there are dedicated solutions like Cloudflare's zero trust, but for my home lab it didn't make sense to implement it. Especially since I already have nginx set up with all the certs etc so redoing all of them would have been a hassle
and the only public facing service on my server is my portfolio, which has barely 10 unique users a day if I am lucky
for example, our application servers can only communicate with AD servers, time server - user workstations cannot communicate directly with the app server
BUT I do get a LOT of directory scans and path traversals that gets blocked at cloudflare
we have zero trust internally too - AD is on VLAN 3, Print Servers are VLAN4, Users VLAN10, App01 on VLAN 101, out of band management on VLAN 102, network gear on VLAN 103, etc etc etc
That sounds cool, but isn't it a big hassle to manage all that?
its a pain in the ass lmfao
I can imagine
Especially if someone/something needs to access something on the other network, that would be a lot of work, right?
or is it easy?
yupp, but that's the point... if its super complicated for us to get someone access to a system, then a threat actor would have a really hard time traversing our network too
yupp its a lot of work*
Makes sense
we have a lot of stuff standardized so it makes more sense
just trying not to divulge too too much lol

